Man-In-the-Middle Attack

The man-in-the-middle is a rogue program that
intercepts all communication between the client and a server with which the
client is attempting to communicate via SSL. The rogue program intercepts
the legitimate keys that are passed back and forth during the SSL handshake,
substitutes its own, and makes it appear to the client that it is the server,
and to the server that it is the client.

The encrypted information exchanged at the beginning of the SSL handshake
is actually encrypted with the rogue program’s public key or private
key, rather than the client’s or server’s real keys. The rogue
program ends up establishing one set of session keys for use with the real
server, and a different set of session keys for use with the client. This
allows the rogue program not only to read all the data that flows between
the client and the real server, but also to change the data without being
deleted. Therefore, it is extremely important for the client to check that
the domain name in the server certificate corresponds to the domain name of
the server with which a client is attempting to communicate—in addition
to checking the validity of the certificate by performing the other steps
described in Server Authentication During SSL Handshake